Ivan Vilata i Balaguer
2012-Apr-03 12:24 UTC
Connecting two overlay meshes into a single mesh
Hi everyone. I'm wondering whether a setup like the one described below
would be possible with Tinc:

   nodeA1                                             nodeB3
     |                                                  |
(Network A) --- [GWA] --- (Internet) --- [GWB] --- (Network B)
     |                                                  |
   nodeA2                                             nodeB4

nodeA1, nodeA2 and GWA (along with other hosts not depicted above) are
connected in a ig mesh Network A. On top of it they define a private
mesh network using Tinc in a similar way as described [here][1]. Every
nodeAx in Network A connects to GWA and some nodeAx also connect between
themselves (that's why it's also a mesh). Every nodeAx has a small
network behind it with addresses in the Tinc mesh. Summarising, the
respective Tinc subnets are:

- nodeA1: X.Y.1.0/24
- nodeA2: X.Y.2.0/24
- GWA: X.Y.0.0/16

The same happens in Network B with nodeBx and GWB, and they define the
same Tinc network (with subnets that don't clash with Network A's):

- nodeB3: X.Y.3.0/24
- nodeB4: X.Y.4.0/24
- GWB: X.Y.0.0/16

I know that both separate Tinc meshes would work with a setup like the
one described in the link above (I checked!).

My doubt is: if GWA and GWB also connect to each other using Tinc via
the Internet, would traffic from nodeA2 be routed by GWA and GWB to
nodeB3 and back? Is it ok for Tinc that both GWA and GWB define the
same subnet? Would GWA forward traffic not addressed to nodeAx nodes to
GWB?

Thank you very much!

[1]: http://www.allsundry.com/2011/04/10/tinc-better-than-openvpn/

--
Ivan Vilata i Balaguer -- https://elvil.net/
On Tue, Apr 03, 2012 at 02:24:48PM +0200, Ivan Vilata i Balaguer wrote:

> Hi everyone. I'm wondering whether a setup like the one described below
> would be possible with Tinc:
>
>
>    nodeA1                                             nodeB3
>      |                                                  |
> (Network A) --- [GWA] --- (Internet) --- [GWB] --- (Network B)
>      |                                                  |
>    nodeA2                                             nodeB4

[...]

> - nodeA1: X.Y.1.0/24
> - nodeA2: X.Y.2.0/24
> - GWA: X.Y.0.0/16

[...]

> - nodeB3: X.Y.3.0/24
> - nodeB4: X.Y.4.0/24
> - GWB: X.Y.0.0/16
>
> I know that both separate Tinc meshes would work with a setup like the
> one described in the link above (I checked!).
>
> My doubt is: if GWA and GWB also connect to each other using Tinc via
> the Internet, would traffic from nodeA2 be routed by GWA and GWB to
> nodeB3 and back? Is it ok for Tinc that both GWA and GWB define the
> same subnet? Would GWA forward traffic not addressed to nodeAx nodes to
> GWB?

If GWA and GWB connect to each other using the same tinc daemon they use
to connect with the nodes on their own networks, then yes, nodeA2 will
then be able to communicate with nodeB3. If possible, traffic between
those two nodes will go directly, without having to be forwarded by GWA
and GWB.

It is OK to have two identical Subnets, however, one will have priority
over the other. So, while GWA and GWB are connected, packets to X.Y.0.1
will go most likely only to GWA, whether it is sent from nodeA2 or
nodeB3. You can manually adjust the priority of Subnets (see the
manual).

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
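
Added example (not part of the original thread and not tinc's own code): a small Python model of the Subnet selection described in the reply above, showing why a node's /24 is preferred over the gateways' shared /16 and how a weight settles the duplicate /16. Assumptions: 10.99 stands in for the thread's X.Y, the `#weight` suffix and its default of 10 follow the tinc manual's `Subnet = address/prefixlength#weight` syntax (lower weight means higher priority), and the tie-break by owner name is a choice of this model.

```python
import ipaddress
from typing import NamedTuple, Optional

DEFAULT_WEIGHT = 10  # weight applied when a Subnet line carries no "#weight"

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    weight: int
    owner: str

def parse_subnet(owner: str, value: str) -> Route:
    """Parse the value part of a 'Subnet = address/prefixlength#weight' line."""
    addr, _, weight = value.partition("#")
    return Route(ipaddress.ip_network(addr.strip()),
                 int(weight) if weight else DEFAULT_WEIGHT, owner)

def build(hosts: dict) -> list:
    """Turn {node name: Subnet value} into a list of Route entries."""
    return [parse_subnet(name, value) for name, value in hosts.items()]

def pick_owner(routes, dest: str, reachable) -> Optional[str]:
    """Most specific Subnet first, then lowest weight; unreachable owners skipped."""
    ip = ipaddress.ip_address(dest)
    live = [r for r in routes if ip in r.net and r.owner in reachable]
    # Assumption of this model: a remaining tie is broken by owner name.
    live.sort(key=lambda r: (-r.net.prefixlen, r.weight, r.owner))
    return live[0].owner if live else None

# Constructed Subnet values mirroring the thread's layout (10.99 == X.Y).
HOSTS = {
    "GWA": "10.99.0.0/16",
    "GWB": "10.99.0.0/16",
    "nodeA1": "10.99.1.0/24", "nodeA2": "10.99.2.0/24",
    "nodeB3": "10.99.3.0/24", "nodeB4": "10.99.4.0/24",
}

if __name__ == "__main__":
    everyone = set(HOSTS)
    routes = build(HOSTS)
    # A host behind nodeB3: the /24 beats both gateways' /16.
    print(pick_owner(routes, "10.99.3.7", everyone))
    # An address covered only by the duplicated /16: one gateway gets it all.
    print(pick_owner(routes, "10.99.0.1", everyone))
    # Giving GWB's Subnet a lower weight moves that traffic to GWB.
    print(pick_owner(build({**HOSTS, "GWB": "10.99.0.0/16#5"}), "10.99.0.1", everyone))
    # With GWA unreachable, the other owner of the /16 takes over.
    print(pick_owner(routes, "10.99.0.1", everyone - {"GWA"}))
```
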